Sitting here on a Sunday afternoon, deep in thought about what to write this blog about and how else I can relate fishing back to cyber security, a common theme in my previous blogs (this is becoming increasingly difficult!). I felt rather sorry for myself all weekend due to the dreaded man flu (yes, it definitely exists), and it got me thinking about why, after all these years, my body has not become immune to this common virus. The most sophisticated anti-virus (AV) system in the world, the human body, is well known for fighting off infection and viruses daily. Once this system is successful in defeating the virus, the body then becomes immune to that particular virus, as the antibodies learn to fight it off. The issue it faces with the common cold is that this virus mutates and changes ever so slightly, bypassing the immunity and causing the average adult to become infected 2-3 times a year.
The traditional AV solution is based around the same principles: it learns to read the signature of a virus so that, if it has seen that virus before, it blocks it without much issue. The problem arises when the solution has not seen the signature before, and the user’s machine can become infected or locked out by ransomware, costing your organisation time and money. As with the human body, once this has happened, vendors add the signature to the list of threats already seen and blocked, meaning that the virus will be unable to infect other machines again. On the other hand, attackers have time to test their viruses against these solutions, making slight changes to their code so that the AV is blind to the new variants and the viruses can infect new machines again. Traditionally, this has been a never-ending battle, with vendors constantly writing new signatures into these solutions to protect their customers.
However, Cylance has been designed with AI technology in mind to remove the need for hundreds of coders to sit and input new signatures into these systems daily. Cylance profiles billions of known file behaviours, which allows the solution to see and prevent infection of the endpoint by both the traditional and zero-day threats enterprises face every day. The solution also carries out the following:
- Exhaustive file appraisal: 2.7 million characteristics of a file are considered in milliseconds, without endangering the endpoint or its data.
- Feature review: Machine learning quantifies the presence or absence of features for each of these characteristics, allowing the file to be scored and its overall nature determined.
- Quarantine of threat: Allows security professionals to review these individual files without taking a whole system off the network, reducing downtime.
If you feel the anti-virus solution in your enterprise is behind the curve, get in touch with us at Armadillo. We have a wide range of experience in discussing and implementing Cylance and its AI technology so that you can improve your security posture. Also, if any company out there can create a similar solution for the common cold, I will be your first investor.
Written by: John Webster, Client Manager at Armadillo.